Topic: Is 1 confirmation enough for Bitcoin transactions? (Read 294 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
But isn't charity/donation many times given anonymously? In that case obtaining donator information wouldn't be necessary.
Besides that, getting donator information can be done regardless of the number of confirmations for the particular transaction.
I guess they can get the donator information even for 0 confirmation transactions since it is for charity/donation anyway, right?

But there are a few where it's not anonymous or you must give information beforehand; usually it's when no account/membership is required to make a donation.

An example, https://bitpay.com/520663/donate
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
Quote
4. The sender
If I'm receiving bitcoin from someone I know, I sometimes don't care about the number of confirmation. In those cases 0 is as safe for me as anything else. In other cases, I would wait for more than that.

Also, how about adding

"The receiver"
If the receiver is a donating address (let's say for a charity or an open source project) they wouldn't mind any confirmations at all, right?
In this case 0 confirmation would be considered safe as well.

I think it's not that simple if the charity/open source project uses a payment processor or has a legal obligation where they might need to obtain information of the donator.

But isn't charity/donation many times given anonymously? In that case obtaining donator information wouldn't be necessary.
Besides that, getting donator information can be done regardless of the number of confirmations for the particular transaction.
I guess they can get the donator information even for 0 confirmation transactions since it is for charity/donation anyway, right?
hero member
Activity: 2702
Merit: 716
Nothing lasts forever
As a result, most people and exchanges started to request only a single confirmation, and that includes the top largest exchanges like Binance
What some random company does should never be a reliable source for you to make decisions. Especially if the company is owned by someone who doesn't even understand bitcoin, so much so that the owner begged for a 51% attack/rollback of bitcoin blocks just because his service didn't have enough security to prevent the large hack that led to them losing a lot of money!

Right on point! Though Binance returned their users' money, it failed itself in the first attempt by requesting a rollback just to prevent the hack.
They didn't even think what implications it would make in the community before making that post.

Quote
4. The sender
If I'm receiving bitcoin from someone I know, I sometimes don't care about the number of confirmation. In those cases 0 is as safe for me as anything else. In other cases, I would wait for more than that.

Also, how about adding

"The receiver"
If the receiver is a donating address (let's say for a charity or an open source project) they wouldn't mind any confirmations at all, right?
In this case 0 confirmation would be considered safe as well.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
The chances of something like this happening is all about timing. We have to consider that there is some time between when the user broadcasts the second transaction (the double spend/RBF with higher fee) and it propagates to reach the mining pool's node and for them to put that new one in their block and mine the new one. Even though we are talking about seconds here but it is perfectly possible.
Might have been intentionally mined by SlushPool. There's apparently another RBFed transaction prior to the transaction that was included in the F2Pool's block. It seems highly unlikely that the delay was so significant and that SlushPool didn't see the other transaction as well[1]. I don't think SlushPool has a way to PushTx but it's still quite weird.

[1] https://twitter.com/BitMEXResearch/status/1352256363704037377/photo/1
legendary
Activity: 3472
Merit: 10611
So now they seem to believe that this was an instance of RBF, where the lower fee (ie. the original) transaction won!!?!

Not normally what you'd consider "likely" to happen, but certainly not "impossible". #funAndGames
The chances of something like this happening is all about timing. We have to consider that there is some time between when the user broadcasts the second transaction (the double spend/RBF with higher fee) and it propagates to reach the mining pool's node and for them to put that new one in their block and mine the new one. Even though we are talking about seconds here but it is perfectly possible.
HCP
legendary
Activity: 2086
Merit: 4363
So now they seem to believe that this was an instance of RBF, where the lower fee (ie. the original) transaction won!!?!

Not normally what you'd consider "likely" to happen, but certainly not "impossible". #funAndGames
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
That's true, but not if you double-spend the same inputs on the new "longest chain", which is what happened with the transaction in the Bitmex study, it all depends on the node that you connect to if the node tells you the transaction is confirmed and you release the goods/services based on that confirmation, only to find out later that not only the transaction has gone missing, it actually never existed.
I think the main mitigation to one-conf transactions would be to try to connect to a diverse number of nodes in hopes that somehow you'll also be aware of the other competing block on the same height, ensuring that the transaction is well propagated and with a sufficient fee would do. That's the general advice that I would give when 0-conf transaction was a thing but it would apply here as well.
It's quite normal to see a double spend on a 0 confirmation transaction, some wallets made that pretty easy to do anyway, but to see that 1 confirmation and then the transaction disappears isn't something that happens every day, not even every year if I am not mistaken.
Theoretically, the occurrence of stale blocks with competing chain should've decreased substantially. I'm not sure about the exact propagation timings but if I had to make an educated guess, I'll say that it's relatively fast. Stale blocks are unfortunately very difficult to track since either one of the competing blocks would probably suffer from poor propagation and most nodes would only see one of them. It's probably trackable with a very well connected node or monitoring the mining pools to have a general sensing.
On the forkmonitor.info it says:

Quote
No (RBF) fee bumps have been detected
https://twitter.com/BitMEXResearch/status/1351870852896346112

Not sure why that's the case.
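
An added example, not part of any post in this thread: one way a receiver could act on the "connect to diverse nodes" advice above is to compare the output of Bitcoin Core's `getchaintips` RPC across several of their own nodes before trusting a single confirmation. The node names, shortened hashes and function names are assumptions made for illustration, and the sample data is constructed.

```python
import json

# Constructed sample: `getchaintips` output collected from three of the
# receiver's own nodes. Hashes are shortened placeholders, not real blocks.
SAMPLE = json.loads("""{
 "node-a": [{"height": 666833, "hash": "aaaa01", "branchlen": 0, "status": "active"}],
 "node-b": [{"height": 666833, "hash": "aaaa01", "branchlen": 0, "status": "active"},
            {"height": 666833, "hash": "bbbb02", "branchlen": 1, "status": "valid-headers"}],
 "node-c": [{"height": 666833, "hash": "bbbb02", "branchlen": 0, "status": "active"}]
}""")


def competing_tips(tips_by_node, tx_block_hash, tx_height):
    """List (node, tip_hash, reason) for tips that compete with the block
    that gave our transaction its first confirmation."""
    findings = []
    for node, tips in tips_by_node.items():
        for tip in tips:
            if tip["status"] == "invalid":
                continue
            if tip["hash"] == tx_block_hash:
                # Our block is known to this node but not on its best chain.
                if tip["status"] != "active":
                    findings.append((node, tip["hash"], "our block is stale here"))
                continue
            if tip["status"] == "active":
                # Node's best chain ends at our height, but in another block.
                if tip["height"] == tx_height:
                    findings.append((node, tip["hash"], "different active tip"))
                continue
            # Side branch: it competes if it forks off below our block and
            # reaches at least our height.
            fork_point = tip["height"] - tip["branchlen"]
            if fork_point < tx_height <= tip["height"]:
                findings.append((node, tip["hash"], "side branch at our height"))
    return findings


def one_conf_looks_clean(tips_by_node, tx_block_hash, tx_height):
    """True only if no polled node reports a rival block at tx_height."""
    return not competing_tips(tips_by_node, tx_block_hash, tx_height)


if __name__ == "__main__":
    for finding in competing_tips(SAMPLE, "aaaa01", 666833):
        print(finding)
    print("release goods:", one_conf_looks_clean(SAMPLE, "aaaa01", 666833))
```

A clean result only means none of the polled nodes saw a rival block; it says nothing about blocks that never reached them.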
legendary
Activity: 2464
Merit: 6688
be constructive or S.T.F.U
Actually afaik you don't have to do anything, the coffee will get paid later, since at least the pool mining the winning block and also those declaring it as winner block (!) still have it in the mempool.

That's true, but not if you double-spend the same inputs on the new "longest chain", which is what happened with the transaction in the Bitmex study, it all depends on the node that you connect to if the node tells you the transaction is confirmed and you release the goods/services based on that confirmation, only to find out later that not only the transaction has gone missing, it actually never existed.

It's quite normal to see a double spend on a 0 confirmation transaction, some wallets made that pretty easy to do anyway, but to see that 1 confirmation and then the transaction disappears isn't something that happens every day, not even every year if I am not mistaken.

What some random company does should never be a reliable source for you to make decisions. Especially if the company is owned by someone who doesn't even understand bitcoin, so much so that the owner begged for a 51% attack/rollback of bitcoin blocks just because his service didn't have enough security to prevent the large hack that led to

But Binance isn't just a random company, the majority of the volume of bitcoin trading happens on Binance, they have more than 100,000 BTC in their cold wallets alone and they are the 3rd largest Bitcoin mining pool, it doesn't matter how you look at it, or if you like CZ or not (I am on the same page as you are, I don't like this guy at all) Binance is a major player in the crypto industry and whatever standard they set is probably going to spread faster than you think.

although many platforms do it without telling you (allowing deposits and delaying withdrawals.)

I think this is exactly what they do, ranochigo mentioned the 2 conf for withdrawal which is correct now that I have looked it up, but I know Binance needs only 1 confirmation for you to be able to trade that bitcoin to something else, I don't know how they handle the situation if something goes wrong between the time your transaction gets 1 confirmation and the time when something bad happens.

The instance as described seems to be corrected as a RBF instead of an actual double spend

On the forkmonitor.info it says:

Quote
No (RBF) fee bumps have been detected

How would they come to such a conclusion?

Quote
but I can't find the other competing transaction to verify if this was exactly the case.

Probably someone, somewhere, keeps a copy of all those "forked" chains, maybe CK or Kano?
legendary
Activity: 2758
Merit: 4074
Bitcoin confirmation is part of the economics of risk, which is the priority of high security or speed of obtaining service.

In general, confirmation 1 is sufficient for many services, unlike what happens with many altcoins, provided that we define "enough."

Binance as example: Based on my experience, they require 2 confirmations before the transaction appears in your account, but in general they make withdrawals faster if you withdraw less than what you have in your account and a slower time whenever the amount you want to withdraw is higher than the required amount in your account.

Thus, it can be applied like all services that require speed.

The case you mentioned does not constitute a risk to render 1 Confirmation insufficient to consider the transaction safe. Perhaps over time it will become 2 or 3, although many platforms do it without telling you (allowing deposits and delaying withdrawals.)
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
imagine Starbucks telling you that the coffee you paid for was "orphaned" and you need to make a new transaction or return the coffee.

Actually afaik you don't have to do anything, the coffee will get paid later, since at least the pool mining the winning block and also those declaring it as winner block (!) still have it in the mempool.
Then it was said many times that the "good" number of confirmations depends on the service and the amount transacted (1 conf is OK for a coffee, but not for 1000$). Most services I've encountered need at least 3 confirmations. And that's because this kind of splits are not that uncommon.

The fact that the main chain is not great for "payment at the grocery store" is related to the waiting time, which can be big even if we take only the first confirmation (just imagine waiting in the queue because there was no block for 25 minutes).

About the question which services being affected ... I guess that it's the only one where the initial transaction was sent from the double spend, if it was indeed a double spend.
legendary
Activity: 3472
Merit: 10611
As a result, most people and exchanges started to request only a single confirmation, and that includes the top largest exchanges like Binance
What some random company does should never be a reliable source for you to make decisions. Especially if the company is owned by someone who doesn't even understand bitcoin, so much so that the owner begged for a 51% attack/rollback of bitcoin blocks just because his service didn't have enough security to prevent the large hack that led to them losing a lot of money!

Is 1 confirmation enough for Bitcoin transactions?
Number of confirmation to consider a transaction safe depends on a bunch of factors, there is no "one value fit them all" here.
1. Receiver's client type
If the receiver is using a full verifying node they can detect any kind of chain split a lot faster and with higher confidence than SPV clients, or with decreasing confidence: those clients that depend on a centralized server, web wallets, custodial wallets, etc.
In other words someone running a full node can ask for lower number of confirmation. In some cases with a different setup they can even get away with 0 confirmation but with an increased risk. Some gambling sites have done this in the past.

2. Network state
Almost always there is nothing going on in bitcoin network, but sometimes (like mid 2017) we have an upgrade (eg. soft fork) that could also increase the risk of chain split. In these situations the required number of confirmation should go higher.

3. Value of the transaction
This is a matter of risk, the cost of a cup of coffee is not comparable with the cost of a house for example. Consequently the number of confirmation required for each transaction is different.

4. The sender
If I'm receiving bitcoin from someone I know, I sometimes don't care about the number of confirmation. In those cases 0 is as safe for me as anything else. In other cases, I would wait for more than that.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Such incidents are unlikely to happen, but they can happen, which also makes question the ability of blockchain to be used for day by day payments without a second layer of some sort, even with an unlimited blocksize, imagine Starbucks telling you that the coffee you paid for was "orphaned" and you need to make a new transaction or return the coffee.
You probably don't have to make a new transaction, the transactions in the orphaned blocks would just be pushed back into the mempool.

The instance as described seems to be corrected as a RBF instead of an actual double spend but I can't find the other competing transaction to verify if this was exactly the case. I do think 1 confirmation is sufficient to accept a small transaction with a fair amount of precautions, being well connected, having diverse nodes to detect competing blocks, etc. You don't have to obtain 51% of the hashrate unless you want to doublespend transactions that are 6 confirmations deep. In fact, with selfish mining, you would have a higher chance to outpace the network for a limited number of blocks.

For most exchanges that I've seen, they require 3 confirmations at the least for deposits or if they don't, there'll be some sort of limitations on the withdrawal (Binance has 2 confirmations on their withdrawal IIRC). I would think that "stale blocks", which btw is a terminology that I've gotten used to, I think orphan blocks would refer to more like a block without its preceding block known, are not that common nowadays. Blocks are often relayed fairly quickly through the network with compact block and pools often try to have a lower latency connection to other pools, like SPV mining previously.

I assume that regular transactions would be way smaller than those being sent to an exchange so that'll probably be a risk that merchants have to decide on.

Also, these kinds of double spending wouldn't necessarily be successful as well. It can only be done if the transaction is included in one of the block and not the other. If the transaction is propagated fairly well and has a decent fee, there's a good amount of chance that it was actually included in both blocks since they were both competing at the same height.
legendary
Activity: 2464
Merit: 6688
be constructive or S.T.F.U
Many people argue that since the hashrate of bitcoin is incredibly huge, it's highly unlikely that anyone can double-spend a confirmed transaction, obtaining 51% of the hashrate just to double-spend also isn't economically realistic.

As a result, most people and exchanges started to request only a single confirmation, and that includes the top largest exchanges like Binance and the like, to be honest, I myself have always thought that 1 confirmation is often more than enough, but is this really the case?

Yesterday there was a chain split at block 666833, Slushpool orphaned F2pool's block and made all of its transactions invalid, I wonder, how many exchanges or/and people were affected by this?

BitMex Research wrote about a successful double-spend which happened in block 666833

A transaction in the losing chain sent 0.00062063 BTC to the address 1D6aebVY5DbS1v7rNTnX2xeYcfWM3os1va, and a transaction in the winning chain which spent the same inputs only sent 0.00014499 BTC to this address

More details on the double-spend can be found here.

Such incidents are unlikely to happen, but they can happen, which also questions the ability of blockchain to be used for day by day payments without a second layer of some sort, even with an unlimited blocksize, imagine Starbucks telling you that the coffee you paid for was "orphaned" and you need to make a new transaction or return the coffee.

What are everybody's thoughts on this?